Helping software developers
We believe that a source code review finds far more vulnerabilities than a blackbox pentest. For software companies with less valuable data, a blackbox pentest suffices. For companies with actually valuable data, or a valuable brand, we advise going for a code review. Of course, we see the value in pulling off an actual hack, so our security analysts also verify vulnerabilities in a testing environment.
Software security analysis
Our security analysts help software development companies with a one-off pentest, just like a regular pentest but more accurate and for a lower budget. However, we can do more.
One of our software security engineers can become part of your team and integrate security into your agile way of working: doing code review after each commit, acting as a sparring partner for secure design choices, and sharing best practices.
Standard pentest reports are lengthy, too complex for management, and too superficial for developers. We improve that by sending issues found by our security analysts directly to your issue tracker (GitLab, Jira, etc.).
Of course we still provide a 'standard' pentest report if you need that for your customers.
To make sure your developers can fix vulnerabilities quicker, we add strategies to mitigate those vulnerabilities.
Since our security analysts make use of our review environment, they are a lot more efficient and effective in finding vulnerabilities. That performance increase helps us lower prices while at the same time finding more vulnerabilities.
By leveraging our codemark feature, it becomes possible to perform a continuous security review. You work agile with CI/CD, so why do a pentest just once a year? The week after a pentest you add new code and therefore potential new vulnerabilities...